[cap-talk] Fwd: [hcisec] Apparent implementation of a CapDesk-like system for Windows

Mark Miller erights at gmail.com
Mon Sep 17 06:12:36 EDT 2007 

---------- Forwarded message ----------
From: pgut001 at cs.auckland.ac.nz <pgut001 at cs.auckland.ac.nz>
Date: Sep 16, 2007 9:21 PM
Subject: [hcisec] Apparent implementation of a CapDesk-like system for Windows
To: hcisec at yahoogroups.com


I recently ran across something that looks like a commercial CapDesk-like
system, a bit like Polaris but it's an actual shipping commercial product.
Unfortunately the info on their web site,
http://www.gentlesecurity.com/technology.html, is a rather fuzzy, and the only
detailed review I've seen of it is in German (this month's iX magazine).  Like
CapDesk, GeSWall jails apps unless they're given extra rights to perform
certain operations (there are predefined rulesets for common Windows apps like
IIS, Apache, Oracle, and so on).

There's a pile of interesting features there, for example alongside the usual
RWXD ACL settings there's also a "redirect" setting that provides access to a
virtualised version of the original resource (for example a registry key), in
the same way that MLS Unixes virtualised the tmp directory.

GeSWall also adds integrity labels to all data, providing mandatory integrity
controls.  Overall, it's an interesting application, and surprising that it's
taken so long for something like this to appear for Windows.

(Disclaimer: I don't have any association with the product or the vendor, just
 thought it was something interesting to point out).

Peter.



Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/hcisec/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/hcisec/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:hcisec-digest at yahoogroups.com
    mailto:hcisec-fullfeatured at yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    hcisec-unsubscribe at yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/




-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM

More information about the cap-talk mailing list